[AusNOG] FastNetMon - open source solution for DoS/DDoS mitigation

Matt Perkins matt at spectrum.com.au
Wed Jul 1 21:29:09 EST 2015


Pavel posted this to NANOG a few weeks back and we have been testing ever since. Worth a try. We don't have it doing more than email alerts, but so far results are promising. 

Matt
 


-- 
/* Matt Perkins
       Direct 1300 137 379     Spectrum Networks Ptd. Ltd.
       Office 1300 133 299     matt at spectrum.com.au
       Fax    1300 133 255     Level 6, 350 George Street Sydney 2000
      SIP 1300137379 at sip.spectrum.com.au
       Google Talk MattAPerkins at gmail.com
       PGP/GNUPG Public Key can be found at  http://pgp.mit.edu
*/

> On 1 Jul 2015, at 9:23 pm, Pavel Odintsov <pavel.odintsov at gmail.com> wrote:
> 
> Hello, Folks!
> 
> I would like to offer some help with DDoS mitigation to the Australian
> network community.
> 
> So many networks are hit by DDoS attacks every day and disturb your (awesome
> NOC engineer!) sleep.
> 
> And I have a solution for keeping NOC engineers' sleep safe :)
> 
> Here you go! https://github.com/FastVPSEestiOu/fastnetmon
> 
> Stop! What is FastNetMon?
> 
> It's a really very fast toolkit which can find the attacked host in your
> network and block it (or redirect it to a filtering appliance).
> 
> We support the following engines for traffic capture:
> - Netflow (v5, v9 and IPFIX)
> - sFLOW v4 (dev branch), v5
> - port mirror/SPAN (PF_RING and netmap supported)
> 
> So awesome! Isn't it?
> 
> Here you can get a VyOS appliance with bundled FastNetMon and start
> testing right now:
> https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/VYOS_BINARY_ISO_IMAGE.md
> 
> Also we have deep integration with ExaBGP (huge thanks to Thomas
> Mangin) for triggering a blackhole on the core router or upstream.
> 
> Since version 1.0 we have added support for the following features:
> - Ability to detect the most popular attack types: syn_flood, icmp_flood,
> udp_flood, ip_fragmentation_flood
> - Added support for netmap on Linux (we have prepared a special driver
> for ixgbe users: https://github.com/pavel-odintsov/ixgbe-linux-netmap)
> and FreeBSD
> - Added support for PF_RING ZC (very fast, but needs a license from the ntop folks)
> - Added the ability to collect NetFlow v9/IPFIX data from multiple devices
> with different template sets
> - Basic support for IPv6 (we can receive NetFlow data over IPv6)
> - Added plugin support for capture engines
> - Added support for L2TP decapsulation (important for DDoS attack
> detection inside tunnels)
> - Added the ability to store attack details in Redis
> - Added Graphite/Grafana integration for traffic visualization
> - Added a systemd unit file
> - Added the ability to unblock a host after some timeout
> - Introduced support for moving averages for all counters
> - Added ExaBGP integration. We can announce the attacked host via BGP to
> a border router or uplink
> - Added so many details to the attack report
> - Added the ability to store the attack fingerprint in a file
> 
> We have complete support for the following platforms:
> - Fedora 21
> - Debian 6, 7, 8
> - CentOS 6, 7
> - FreeBSD 9, 10, 11
> - DragonflyBSD 4
> - MacOS X 10.10
> 
> From the network equipment side we have tested the solution with:
> - Cisco ASR
> - Juniper MX
> - Extreme Summit
> - ipt_NETFLOW Linux
> 
> We have binary packages for all popular distributions. But the toolkit is
> under heavy development now and we release new features every day!
> 
> So, we recommend using the automatic installer
> script because it offers the ability to switch to the developer branch quickly:
> https://github.com/FastVPSEestiOu/fastnetmon/blob/master/docs/INSTALL.md
> 
> Please join our mailing list or ask about anything here:
> https://groups.google.com/forum/#!forum/fastnetmon
> 
> Thank you for your attention!
> 
> -- 
> Sincerely yours, Pavel Odintsov
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
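To make the detect-then-blackhole flow that the quoted post describes concrete, here is an added example written for this archive page; it is not code from FastNetMon or from either poster. It decodes NetFlow v5 datagrams (one of the capture engines listed above), scales packet counts by the exporter's sampling interval, keeps a per-host moving average of packets per second split by traffic class, names the dominant class using the attack types from the post (syn_flood, udp_flood, icmp_flood, ip_fragmentation_flood) once a host crosses a pps threshold, and renders the ExaBGP API line that would announce the victim /32 with the BLACKHOLE community 65535:666 (RFC 7999) toward a border router or upstream. Assumptions, labelled in the code: the 20,000 pps threshold and the 0.5 smoothing weight are illustrative values, not FastNetMon defaults; the "both ports 0 means fragment" rule for UDP records is a heuristic because v5 carries no IP-flags field; and the exact `announce route` syntax should be checked against your ExaBGP version. The sample datagram is constructed inline.

```python
"""Flow-based DoS/DDoS detector sketch in the spirit of FastNetMon (added
example, not project code): NetFlow v5 in, per-host moving-average pps by
traffic class, attack name out, plus the ExaBGP blackhole announcement."""
import socket
import struct
from collections import defaultdict

V5_HEADER = struct.Struct("!HHIIIIBBH")             # 24-byte NetFlow v5 header
V5_RECORD = struct.Struct("!IIIHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record
ICMP, TCP, UDP = 1, 6, 17
TCP_SYN, TCP_ACK = 0x02, 0x10
ATTACK_NAME = {"syn": "syn_flood", "udp": "udp_flood",
               "icmp": "icmp_flood", "fragment": "ip_fragmentation_flood"}

def ip_to_int(ip):
    return struct.unpack("!I", socket.inet_aton(ip))[0]

def parse_netflow_v5(datagram):
    """Decode one v5 datagram into flow dicts; packet/byte counts are scaled by
    the sampling interval (low 14 bits of the header field, 0 = unsampled).
    A truncated trailing record is dropped rather than mis-parsed."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than NetFlow v5 header")
    version, count, _, _, _, _, _, _, sampling = V5_HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError("unsupported NetFlow version %d" % version)
    interval = (sampling & 0x3FFF) or 1
    flows = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        if off + V5_RECORD.size > len(datagram):
            break
        (src, dst, _nh, _in, _out, pkts, octets, _first, _last, sport, dport, _pad1,
         flags, proto, _tos, _sas, _das, _sm, _dm, _pad2) = V5_RECORD.unpack_from(datagram, off)
        flows.append({"src": socket.inet_ntoa(struct.pack("!I", src)),
                      "dst": socket.inet_ntoa(struct.pack("!I", dst)),
                      "proto": proto, "sport": sport, "dport": dport, "flags": flags,
                      "pkts": pkts * interval, "octets": octets * interval})
    return flows

def flow_class(flow):
    """Bucket a flow by the traffic type the attack names are built from."""
    if flow["proto"] == TCP:
        syn_only = flow["flags"] & TCP_SYN and not flow["flags"] & TCP_ACK
        return "syn" if syn_only else "other"
    if flow["proto"] == ICMP:
        return "icmp"
    if flow["proto"] == UDP:
        # Assumed heuristic: v5 has no IP-flags field, but non-first fragments
        # carry no L4 header, so exporters report both ports as 0 for them.
        return "fragment" if flow["sport"] == 0 and flow["dport"] == 0 else "udp"
    return "other"

class Detector:
    """Per-destination exponential moving average of pps, split by class.
    threshold_pps and alpha are illustrative values, not FastNetMon defaults."""
    def __init__(self, threshold_pps=20000, window_seconds=1.0, alpha=0.5):
        self.threshold, self.window, self.alpha = threshold_pps, window_seconds, alpha
        self.avg = defaultdict(lambda: defaultdict(float))

    def observe(self, flows):
        """Feed one collection window of flows; return {victim_ip: attack_name}."""
        cur = defaultdict(lambda: defaultdict(int))
        for f in flows:
            cur[f["dst"]][flow_class(f)] += f["pkts"]
        attacks = {}
        for dst in set(self.avg) | set(cur):
            for cls in set(self.avg[dst]) | set(cur[dst]):   # idle hosts decay too
                pps = cur[dst][cls] / self.window
                self.avg[dst][cls] = self.alpha * pps + (1 - self.alpha) * self.avg[dst][cls]
            if sum(self.avg[dst].values()) > self.threshold:
                dominant = max(self.avg[dst], key=self.avg[dst].get)
                attacks[dst] = ATTACK_NAME.get(dominant, "unknown")
        return attacks

def blackhole_command(victim_ip, next_hop="self"):
    """ExaBGP API line announcing the victim /32 tagged BLACKHOLE (65535:666).
    Check the exact syntax against your ExaBGP version (assumption)."""
    return "announce route %s/32 next-hop %s community [65535:666]" % (victim_ip, next_hop)

def make_record(src, dst, proto, pkts, sport=0, dport=0, flags=0):
    return V5_RECORD.pack(ip_to_int(src), ip_to_int(dst), 0, 0, 0, pkts, pkts * 60,
                          0, 0, sport, dport, 0, flags, proto, 0, 0, 0, 0, 0, 0)

# Constructed sample datagram, sampled 1:100: 100 spoofed SYN flows of 10 sampled
# packets each toward 203.0.113.7:80 (100,000 pkts/window) plus one benign UDP flow.
SAMPLE_DATAGRAM = V5_HEADER.pack(5, 101, 0, 0, 0, 0, 0, 0, 100) + b"".join(
    [make_record("198.51.100.%d" % (i + 1), "203.0.113.7", TCP, 10, 40000 + i, 80, TCP_SYN)
     for i in range(100)] + [make_record("192.0.2.9", "203.0.113.8", UDP, 3, 53, 33000)])

def run_example():
    det = Detector(threshold_pps=20000)
    attacks = det.observe(parse_netflow_v5(SAMPLE_DATAGRAM))
    return attacks, [blackhole_command(ip) for ip in sorted(attacks)]

if __name__ == "__main__":
    for line in run_example()[1]:
        print(line)
```

In a real deployment the datagrams come off a UDP socket bound to the collector port and the command line is written to the ExaBGP process's stdin (ExaBGP's API reads commands from the configured process). Two points a practitioner should keep in mind: sampled NetFlow must be scaled, or a 1:1000 sampled flood looks a thousand times smaller than it is; and a BLACKHOLE announcement finishes the attacker's job for that one host, so it belongs where the flood threatens the shared uplink, while the "redirect to a filtering appliance" option mentioned in the post is the choice when the host itself must stay reachable.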

